Installation Guide
Page 82
... cable. See the "LEDs" section on page 1-6 for a description of subtle damage to the switch, look at the physical layer, but it could cause an explosion in a nonhazardous location before proceeding. Cisco IE 3000 Switch Hardware Installation Guide 3-2 OL-13017-01 To verify switch operation, perform POST on the network, an electrical arc can...
... cable. See the "LEDs" section on page 1-6 for a description of subtle damage to the switch, look at the physical layer, but it could cause an explosion in a nonhazardous location before proceeding. Cisco IE 3000 Switch Hardware Installation Guide 3-2 OL-13017-01 To verify switch operation, perform POST on the network, an electrical arc can...
Software Configuration Guide
Page 10
... to Run SSH 11-35 Configuring the SSH Server 11-36 Displaying the SSH Configuration and Status 11-37 Configuring the Switch for Secure Socket Layer HTTP 11-37 Understanding Secure HTTP Servers and Clients 11-37 Certificate Authority Trustpoints 11-38 CipherSuites 11-39 Configuring Secure HTTP Servers and Clients... Configuring the Secure HTTP Client 11-43 Displaying Secure HTTP Server and Client Status 11-43 Configuring the Switch for Secure Copy Protocol 11-44 Cisco IE 3000 Switch Software Configuration Guide x OL-13018-03
... to Run SSH 11-35 Configuring the SSH Server 11-36 Displaying the SSH Configuration and Status 11-37 Configuring the Switch for Secure Socket Layer HTTP 11-37 Understanding Secure HTTP Servers and Clients 11-37 Certificate Authority Trustpoints 11-38 CipherSuites 11-39 Configuring Secure HTTP Servers and Clients... Configuring the Secure HTTP Client 11-43 Displaying Secure HTTP Server and Client Status 11-43 Configuring the Switch for Secure Copy Protocol 11-44 Cisco IE 3000 Switch Software Configuration Guide x OL-13018-03
Software Configuration Guide
Page 11
... Port Security 12-20 802.1x Authentication with Wake-on-LAN 12-21 802.1x Authentication with MAC Authentication Bypass 12-22 Network Admission Control Layer 2 802.1x Validation 12-23 Flexible Authentication Ordering 12-23 Open1x Authentication 12-24 802.1x Switch Supplicant with Network Edge Access Topology (NEAT) 12... Filter-Id Attribute 12-26 Configuring 802.1x Authentication 12-26 Default 802.1x Authentication Configuration 12-27 802.1x Authentication Configuration Guidelines 12-28 Cisco IE 3000 Switch Software Configuration Guide xi
... Port Security 12-20 802.1x Authentication with Wake-on-LAN 12-21 802.1x Authentication with MAC Authentication Bypass 12-22 Network Admission Control Layer 2 802.1x Validation 12-23 Flexible Authentication Ordering 12-23 Open1x Authentication 12-24 802.1x Switch Supplicant with Network Edge Access Topology (NEAT) 12... Filter-Id Attribute 12-26 Configuring 802.1x Authentication 12-26 Default 802.1x Authentication Configuration 12-27 802.1x Authentication Configuration Guidelines 12-28 Cisco IE 3000 Switch Software Configuration Guide xi
Software Configuration Guide
Page 12
...-43 Configuring the Inaccessible Authentication Bypass Feature 12-45 Configuring 802.1x Authentication with WoL 12-47 Configuring MAC Authentication Bypass 12-48 Configuring NAC Layer 2 802.1x Validation 12-49 Configuring 802.1x Switch Supplicant with NEAT 12-50 Configuring 802.1x Authentication with Downloadable ACLs and Redirect URLs 12... Status 12-59 13 C H A P T E R Configuring Interface Characteristics 13-1 Understanding Interface Types 13-1 Port-Based VLANs 13-2 Switch Ports 13-2 Access Ports 13-2 Trunk Ports 13-3 Cisco IE 3000 Switch Software Configuration Guide xii OL-13018-03
...-43 Configuring the Inaccessible Authentication Bypass Feature 12-45 Configuring 802.1x Authentication with WoL 12-47 Configuring MAC Authentication Bypass 12-48 Configuring NAC Layer 2 802.1x Validation 12-49 Configuring 802.1x Switch Supplicant with NEAT 12-50 Configuring 802.1x Authentication with Downloadable ACLs and Redirect URLs 12... Status 12-59 13 C H A P T E R Configuring Interface Characteristics 13-1 Understanding Interface Types 13-1 Port-Based VLANs 13-2 Switch Ports 13-2 Access Ports 13-2 Trunk Ports 13-3 Cisco IE 3000 Switch Software Configuration Guide xii OL-13018-03
Software Configuration Guide
Page 14
...-Range VLAN 15-12 Displaying VLANs 15-13 Configuring VLAN Trunks 15-14 Trunking Overview 15-14 IEEE 802.1Q Configuration Considerations 15-15 Default Layer 2 Ethernet Interface VLAN Configuration 15-16 Configuring an Ethernet Interface as a Trunk Port 15-16 Interaction with Other Features 15-16 Configuring a Trunk Port 15...-27 Changing the Retry Count 15-28 Monitoring the VMPS 15-28 Troubleshooting Dynamic-Access Port VLAN Membership 15-29 VMPS Configuration Example 15-29 Cisco IE 3000 Switch Software Configuration Guide xiv OL-13018-03
...-Range VLAN 15-12 Displaying VLANs 15-13 Configuring VLAN Trunks 15-14 Trunking Overview 15-14 IEEE 802.1Q Configuration Considerations 15-15 Default Layer 2 Ethernet Interface VLAN Configuration 15-16 Configuring an Ethernet Interface as a Trunk Port 15-16 Interaction with Other Features 15-16 Configuring a Trunk Port 15...-27 Changing the Retry Count 15-28 Monitoring the VMPS 15-28 Troubleshooting Dynamic-Access Port VLAN Membership 15-29 VMPS Configuration Example 15-29 Cisco IE 3000 Switch Software Configuration Guide xiv OL-13018-03
Software Configuration Guide
Page 25
... Named MAC Extended ACLs 34-20 Applying a MAC ACL to a Layer 2 Interface 34-22 Displaying IPv4 ACL Configuration 34-23 Configuring Cisco IOS IP SLAs Operations 35-1 Understanding Cisco IOS IP SLAs 35-1 Using Cisco IOS IP SLAs to Measure Network Performance 35-2 IP SLAs Responder and... IP SLAs Control Protocol 35-3 Response Time Computation for IP SLAs 35-4 Configuring IP SLAs Operations 35-5 Default Configuration 35-5 Configuration Guidelines 35-5 Cisco IE 3000 Switch Software...
... Named MAC Extended ACLs 34-20 Applying a MAC ACL to a Layer 2 Interface 34-22 Displaying IPv4 ACL Configuration 34-23 Configuring Cisco IOS IP SLAs Operations 35-1 Understanding Cisco IOS IP SLAs 35-1 Using Cisco IOS IP SLAs to Measure Network Performance 35-2 IP SLAs Responder and... IP SLAs Control Protocol 35-3 Response Time Computation for IP SLAs 35-4 Configuring IP SLAs Operations 35-5 Default Configuration 35-5 Configuration Guidelines 35-5 Cisco IE 3000 Switch Software...
Software Configuration Guide
Page 28
...Features 38-6 EtherChannel On Mode 38-6 Load Balancing and Forwarding Methods 38-7 Configuring EtherChannels 38-8 Default EtherChannel Configuration 38-9 EtherChannel Configuration Guidelines 38-9 Configuring Layer 2 EtherChannels 38-10 Configuring EtherChannel Load Balancing 38-13 Configuring the PAgP Learn Method and Priority 38-14 Configuring LACP Hot-Standby Ports 38-15...Configuration 38-20 Link-State Tracking Configuration Guidelines 38-21 Configuring Link-State Tracking 38-21 Displaying Link-State Tracking Status 38-22 xxviii Cisco IE 3000 Switch Software Configuration Guide OL-13018-03
...Features 38-6 EtherChannel On Mode 38-6 Load Balancing and Forwarding Methods 38-7 Configuring EtherChannels 38-8 Default EtherChannel Configuration 38-9 EtherChannel Configuration Guidelines 38-9 Configuring Layer 2 EtherChannels 38-10 Configuring EtherChannel Load Balancing 38-13 Configuring the PAgP Learn Method and Priority 38-14 Configuring LACP Hot-Standby Ports 38-15...Configuration 38-20 Link-State Tracking Configuration Guidelines 38-21 Configuring Link-State Tracking 38-21 Displaying Link-State Tracking Status 38-22 xxviii Cisco IE 3000 Switch Software Configuration Guide OL-13018-03
Software Configuration Guide
Page 29
... Mismatches 39-7 SFP Module Security and Identification 39-8 Monitoring SFP Module Status 39-8 Using Ping 39-8 Understanding Ping 39-9 Executing Ping 39-9 Using Layer 2 Traceroute 39-10 Understanding Layer 2 Traceroute 39-10 Usage Guidelines 39-10 Displaying the Physical Path 39-11 Using IP Traceroute 39-11 Understanding IP Traceroute 39-11...-18 Troubleshooting CPU Utilization 39-18 Possible Symptoms of High CPU Utilization 39-18 Verifying the Problem and Cause 39-19 Contents OL-13018-03 Cisco IE 3000 Switch Software Configuration Guide xxix
... Mismatches 39-7 SFP Module Security and Identification 39-8 Monitoring SFP Module Status 39-8 Using Ping 39-8 Understanding Ping 39-9 Executing Ping 39-9 Using Layer 2 Traceroute 39-10 Understanding Layer 2 Traceroute 39-10 Usage Guidelines 39-10 Displaying the Physical Path 39-11 Using IP Traceroute 39-11 Understanding IP Traceroute 39-11...-18 Troubleshooting CPU Utilization 39-18 Possible Symptoms of High CPU Utilization 39-18 Verifying the Problem and Cause 39-19 Contents OL-13018-03 Cisco IE 3000 Switch Software Configuration Guide xxix
Software Configuration Guide
Page 39
...Management (SDM) templates for allocating system resources to maximize support for user-selected features OL-13018-03 Cisco IE 3000 Switch Software Configuration Guide 1-3 Performance Features • Cisco EnergyWise manages the energy usage of power over Ethernet (PoE) entities. • Autosensing of port...Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) for automatic creation of EtherChannel links • Forwarding of Layer 2 packets at Gigabit line rate • Per-port storm control for preventing broadcast, multicast, and unicast storms • Port ...
...Management (SDM) templates for allocating system resources to maximize support for user-selected features OL-13018-03 Cisco IE 3000 Switch Software Configuration Guide 1-3 Performance Features • Cisco EnergyWise manages the energy usage of power over Ethernet (PoE) entities. • Autosensing of port...Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) for automatic creation of EtherChannel links • Forwarding of Layer 2 packets at Gigabit line rate • Per-port storm control for preventing broadcast, multicast, and unicast storms • Port ...
Software Configuration Guide
Page 41
...size of the MAC address table • Cisco Discovery Protocol (CDP) Versions 1 and 2 for network topology discovery and mapping between the switch and other Cisco devices on the network • Link Layer Discovery Protocol (LLDP) and LLDP Media ...IEEE 1588 standard to synchronize with nanosecond accuracy the real-time clocks of the devices in a network • Cisco IOS File System (IFS) for providing a single interface to all file systems that the switch uses •... Navigator or Microsoft Internet Explorer browser session OL-13018-03 Cisco IE 3000 Switch Software Configuration Guide 1-5
...size of the MAC address table • Cisco Discovery Protocol (CDP) Versions 1 and 2 for network topology discovery and mapping between the switch and other Cisco devices on the network • Link Layer Discovery Protocol (LLDP) and LLDP Media ...IEEE 1588 standard to synchronize with nanosecond accuracy the real-time clocks of the devices in a network • Cisco IOS File System (IFS) for providing a single interface to all file systems that the switch uses •... Navigator or Microsoft Internet Explorer browser session OL-13018-03 Cisco IE 3000 Switch Software Configuration Guide 1-5
Software Configuration Guide
Page 43
... traffic is not REP-capable • Flex Link Layer 2 interfaces to back up to 255 VLANs for assigning users to VLANs associated with restricted VLANs (also known as authentication failed VLANs) OL-13018-03 Cisco IE 3000 Switch Software Configuration Guide 1-7 BPDU guard for eliminating the... allowed by restricting flooded traffic to links destined for stations receiving the traffic • Voice VLAN for creating subnets for voice traffic from Cisco IP Phones • VLAN 1 minimization for preventing a Port Fast-enabled port from becoming the spanning-tree root - Chapter 1 Overview...
... traffic is not REP-capable • Flex Link Layer 2 interfaces to back up to 255 VLANs for assigning users to VLANs associated with restricted VLANs (also known as authentication failed VLANs) OL-13018-03 Cisco IE 3000 Switch Software Configuration Guide 1-7 BPDU guard for eliminating the... allowed by restricting flooded traffic to links destined for stations receiving the traffic • Voice VLAN for creating subnets for voice traffic from Cisco IP Phones • VLAN 1 minimization for preventing a Port Fast-enabled port from becoming the spanning-tree root - Chapter 1 Overview...
Software Configuration Guide
Page 44
... a violation occurs, instead of the port - Guest VLAN to provide limited services to authenticate via the standard 802.1x processes Cisco IE 3000 Switch Software Configuration Guide 1-8 OL-13018-03 Restricted VLAN to provide limited services to users who are supported: - Multidomain authentication ... IP access control lists (ACLs) for defining inbound security policies on Layer 2 interfaces (port ACLs) • Extended MAC access control lists for defining security policies in the inbound direction on Layer 2 interfaces • Source and destination MAC-based ACLs for filtering ...
... a violation occurs, instead of the port - Guest VLAN to provide limited services to authenticate via the standard 802.1x processes Cisco IE 3000 Switch Software Configuration Guide 1-8 OL-13018-03 Restricted VLAN to provide limited services to users who are supported: - Multidomain authentication ... IP access control lists (ACLs) for defining inbound security policies on Layer 2 interfaces (port ACLs) • Extended MAC access control lists for defining security policies in the inbound direction on Layer 2 interfaces • Source and destination MAC-based ACLs for filtering ...
Software Configuration Guide
Page 45
...IEEE 802.1p CoS marking priorities on a per -user ACL downloads from a Cisco Secure ACS server to an authenticated switch. - For information about configuring NAC Layer 2 802.1x validation, see the "Configuring NAC Layer 2 802.1x Validation" section on the client MAC address. - Network Edge...to authenticate a switch outside a wiring closet as a supplicant to another QoS domain OL-13018-03 Cisco IE 3000 Switch Software Configuration Guide 1-9 Network Admission Control (NAC) Layer 2 802.1x validation of the antivirus condition or posture of endpoint systems or clients before configuring IEEE ...
...IEEE 802.1p CoS marking priorities on a per -user ACL downloads from a Cisco Secure ACS server to an authenticated switch. - For information about configuring NAC Layer 2 802.1x validation, see the "Configuring NAC Layer 2 802.1x Validation" section on the client MAC address. - Network Edge...to authenticate a switch outside a wiring closet as a supplicant to another QoS domain OL-13018-03 Cisco IE 3000 Switch Software Configuration Guide 1-9 Network Admission Control (NAC) Layer 2 802.1x validation of the antivirus condition or posture of endpoint systems or clients before configuring IEEE ...
Software Configuration Guide
Page 46
...tracking users on a network by storing the MAC addresses that a packet takes from a source device to a destination device 1-10 Cisco IE 3000 Switch Software Configuration Guide OL-13018-03 Shaped egress queues are also guaranteed a configured share of bandwidth, but limited to metered,...analysis • Syslog facility for logging system messages about authentication or authorization errors, resource issues, and time-out events • Layer 2 traceroute to a specific traffic flow - Monitoring Features • Switch LEDs that exceed bandwidth utilization limits • Ingress queueing...
...tracking users on a network by storing the MAC addresses that a packet takes from a source device to a destination device 1-10 Cisco IE 3000 Switch Software Configuration Guide OL-13018-03 Shaped egress queues are also guaranteed a configured share of bandwidth, but limited to metered,...analysis • Syslog facility for logging system messages about authentication or authorization errors, resource issues, and time-out events • Layer 2 traceroute to a specific traffic flow - Monitoring Features • Switch LEDs that exceed bandwidth utilization limits • Ingress queueing...
Software Configuration Guide
Page 47
...is disabled. For more information, see Chapter 11, "Configuring Switch-Based Authentication." • RADIUS is enabled. OL-13018-03 Cisco IE 3000 Switch Software Configuration Guide 1-11 For more information, see Chapter 12, "Configuring IEEE 802.1x Port-Based Authentication." For more information...is 0.0.0.0. For more information, see Chapter 11, "Configuring Switch-Based Authentication." • The standard HTTP server and Secure Socket Layer (SSL) HTTPS server are defined. For more information, see Chapter 4, "Assigning the Switch IP Address and Default Gateway." ...
...is disabled. For more information, see Chapter 11, "Configuring Switch-Based Authentication." • RADIUS is enabled. OL-13018-03 Cisco IE 3000 Switch Software Configuration Guide 1-11 For more information, see Chapter 12, "Configuring IEEE 802.1x Port-Based Authentication." For more information...is 0.0.0.0. For more information, see Chapter 11, "Configuring Switch-Based Authentication." • The standard HTTP server and Secure Socket Layer (SSL) HTTPS server are defined. For more information, see Chapter 4, "Assigning the Switch IP Address and Default Gateway." ...
Software Configuration Guide
Page 53
...no redundancy to the loss of the interface capacity on any switch. - See Figure 1-2. • The connection between the Layer 3 switch and the first Layer 2 switch is important. For instance, there is a higher latency with 100 Mb interfaces than there is driven by the amount... to the network. These are the key connectivity considerations: • Devices are connected to 70 percent utilization. OL-13018-03 Cisco IE 3000 Switch Software Configuration Guide 1-17 The cell network also requires physical topologies that are primarily caused by various factors, but a redundant...
...no redundancy to the loss of the interface capacity on any switch. - See Figure 1-2. • The connection between the Layer 3 switch and the first Layer 2 switch is important. For instance, there is a higher latency with 100 Mb interfaces than there is driven by the amount... to the network. These are the key connectivity considerations: • Devices are connected to 70 percent utilization. OL-13018-03 Cisco IE 3000 Switch Software Configuration Guide 1-17 The cell network also requires physical topologies that are primarily caused by various factors, but a redundant...
Software Configuration Guide
Page 54
... implementation and Rapid Spanning Tree Protocol (RSTP). • Although better than the trunk-drop, the top of the ring (connections to the Layer 3 switches) can degrade network performance. 1-18 Cisco IE 3000 Switch Software Configuration Guide OL-13018-03 Network Configuration Examples Figure 1-2 Cell Network-Trunk-Drop Topology Human Machine Interface (HMI) Catalyst 3750...
... implementation and Rapid Spanning Tree Protocol (RSTP). • Although better than the trunk-drop, the top of the ring (connections to the Layer 3 switches) can degrade network performance. 1-18 Cisco IE 3000 Switch Software Configuration Guide OL-13018-03 Network Configuration Examples Figure 1-2 Cell Network-Trunk-Drop Topology Human Machine Interface (HMI) Catalyst 3750...
Software Configuration Guide
Page 55
... even if multiple connections are lost. Devices are connected to the Layer 3 devices. • The Layer 2 network is always only two hops to another Layer 2 switch. • In the Layer 2 network, each switch has dual connections to the Layer2 switches. OL-13018-03 Cisco IE 3000 Switch Software Configuration Guide 1-19 Chapter 1 Overview Figure 1-3 Cell Network-Ring...
... even if multiple connections are lost. Devices are connected to the Layer 3 devices. • The Layer 2 network is always only two hops to another Layer 2 switch. • In the Layer 2 network, each switch has dual connections to the Layer2 switches. OL-13018-03 Cisco IE 3000 Switch Software Configuration Guide 1-19 Chapter 1 Overview Figure 1-3 Cell Network-Ring...
Software Configuration Guide
Page 69
...fault condition is assigned a severity level based on the Cisco IOS System Error Message Severity Level. OL-13018-03 Cisco IE 3000 Switch Software Configuration Guide 3-3 Each fault condition is assigned a severity level based on the Cisco IOS System Error Message Severity Level. The link fault ...the ports. The switch generates a port not-forwarding alarm when a port is equipped with a port physical layer cause unreliable data transmission. Table 3-2 IE 3000 Port Status Monitoring Alarms Alarm Link Fault alarm Port not Forwarding alarm Port not Operating alarm FCS Bit Error ...
...fault condition is assigned a severity level based on the Cisco IOS System Error Message Severity Level. OL-13018-03 Cisco IE 3000 Switch Software Configuration Guide 3-3 Each fault condition is assigned a severity level based on the Cisco IOS System Error Message Severity Level. The link fault ...the ports. The switch generates a port not-forwarding alarm when a port is equipped with a port physical layer cause unreliable data transmission. Table 3-2 IE 3000 Port Status Monitoring Alarms Alarm Link Fault alarm Port not Forwarding alarm Port not Operating alarm FCS Bit Error ...
Software Configuration Guide
Page 70
... mode, the default alarm notification is associated with the major relay. See the "Configuring IE 3000 Switch Alarms" section on all interfaces. Disabled. Configuring IE 3000 Switch Alarms Chapter 3 Configuring Cisco IE 3000 Switch Alarms • SNMP Traps SNMP is an application-layer protocol that the user can use alarm profiles to send system messages to a syslog server...
... mode, the default alarm notification is associated with the major relay. See the "Configuring IE 3000 Switch Alarms" section on all interfaces. Disabled. Configuring IE 3000 Switch Alarms Chapter 3 Configuring Cisco IE 3000 Switch Alarms • SNMP Traps SNMP is an application-layer protocol that the user can use alarm profiles to send system messages to a syslog server...